CVE Catalog
CVE-2025-55659
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.03%
10th percentile - higher than 10% of all known CVEs
Summary
A NULL pointer dereference in the ctts_box_write function in GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) by supplying a crafted MP4 file.
Risk Assessment
The organization may experience service outages related to MP4 file processing, potentially leading to a loss of user trust.
Recommendation
It is recommended to update to the latest version of GPAC MP4Box to mitigate this vulnerability and to monitor systems for unauthorized MP4 files.
Original NVD description (English source)
A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

